[TLS] WG Adoption for TLS Trust Expressions
Devon O'Brien <asymmetric@google.com> Tue, 23 April 2024 20:37 UTC
To: tls@ietf.org
Cc: Bob Beck <bbe@google.com>, "davidben@chromium.org" <davidben@chromium.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/pQwe3GFcvoTNl2skv2rEAfqMAqk>
After sharing our first draft of TLS Trust Expressions <https://datatracker.ietf.org/doc/draft-davidben-tls-trust-expr/> and several discussions across a couple IETFs, we’d like to proceed with a call for working group adoption of this draft. We are currently prototyping trust expressions in BoringSSL & Chromium and will share more details when implementation is complete.

As we mentioned in our message to the mailing list from January, our primary goal is to produce a mechanism for supporting multiple subscriber certificates <https://github.com/davidben/tls-trust-expressions/blob/main/explainer.md> and efficiently negotiating which to serve on a given TLS connection, even if that ends up requiring significant changes to the draft in its current state.

To that end, we’re interested in learning whether wg members support adoption of this deployment model and the currently-described certificate negotiation mechanism or if they oppose adoption (and why!).

Thanks!

David, Devon, and Bob